From 024a0fcfafb78c6b2a347cfbf0c1735c48287685 Mon Sep 17 00:00:00 2001
From: Stefan Reimer <stefan@zero-downtime.net>
Date: Thu, 17 Apr 2025 13:06:28 +0100
Subject: [PATCH] feat: ensure central secret keys exists

---
 admin/libhelm.sh                            | 12 ++++++++++++
 charts/kubezero-argo/hooks.d/pre-install.sh |  2 ++
 2 files changed, 14 insertions(+)

diff --git a/admin/libhelm.sh b/admin/libhelm.sh
index 1f22391c..5e1f1f3e 100644
--- a/admin/libhelm.sh
+++ b/admin/libhelm.sh
@@ -80,6 +80,18 @@ function get_kubezero_secret() {
   get_secret_val kubezero kubezero-secrets "$1"
 }
 
+function ensure_kubezero_secret_key() {
+  local secret="$(kubectl get secret -n kubezero kubezero-secrets -o yaml)"
+  local key=""
+  local val=""
+
+  for key in $@; do
+    val=$(echo "$secret" | yq ".data.\"$key\"")
+    if [ "$val" == "null" ]; then
+      kubectl patch secret -n kubezero kubezero-secrets --patch="{\"data\": { \"$key\": \"\" }}"
+    fi
+  done
+}
 
 function set_kubezero_secret() {
   local key="$1"
diff --git a/charts/kubezero-argo/hooks.d/pre-install.sh b/charts/kubezero-argo/hooks.d/pre-install.sh
index a055a3c3..91dd852c 100755
--- a/charts/kubezero-argo/hooks.d/pre-install.sh
+++ b/charts/kubezero-argo/hooks.d/pre-install.sh
@@ -21,3 +21,5 @@ fi
 # Redis secret
 kubectl get secret argocd-redis -n argocd || kubectl create secret generic argocd-redis -n argocd \
     --from-literal=auth=$(date +%s | sha256sum | base64 | head -c 16 ; echo)
+
+ensure_kubezero_secret_key argo-cd.kubezero.username argo-cd.kubezero.password argo-cd.kubezero.sshPrivateKey